{
	"id": "ffecb647-63ed-4e95-b5c7-997f8edaea1f",
	"created_at": "2026-04-06T03:36:01.152852Z",
	"updated_at": "2026-04-10T13:13:08.243629Z",
	"deleted_at": null,
	"sha1_hash": "6ce9036461e7177bfa2d4304bfdd8d63128711dd",
	"title": "Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 40685,
	"plain_text": "Chinese Intelligence Officers and Their Recruited Hackers and\r\nInsiders Conspired to Steal Sensitive Commercial Aviation and\r\nTechnological Data for Years\r\nPublished: 2018-10-30 · Archived: 2026-04-06 03:14:24 UTC\r\nChinese intelligence officers and those working under their direction, which included hackers and co-opted\r\ncompany insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems\r\nin the United States and abroad for over five years.  The conspirators’ ultimate goal was to steal, among other data,\r\nintellectual property and confidential business information, including information related to a turbofan engine\r\nused in commercial airliners.\r\nThe charged intelligence officers, Zha Rong and Chai Meng, and other co-conspirators, worked for the Jiangsu\r\nProvince Ministry of State Security (“JSSD”), headquartered in Nanjing, which is a provincial foreign intelligence\r\narm of the People’s Republic of China’s Ministry of State Security (“MSS”). The MSS, and by extension the\r\nJSSD, is primarily responsible for domestic counter-intelligence, non-military foreign intelligence, and aspects of\r\npolitical and domestic security. \r\nFrom at least January 2010 to May 2015, JSSD intelligence officers and their team of hackers, including  Zhang\r\nZhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi, focused on the theft of technology\r\nunderlying a turbofan engine used in U.S. and European commercial airliners.  This engine was being developed\r\nthrough a partnership between a French aerospace manufacturer with an office in Suzhou, Jiangsu province,\r\nChina, and a company based in the United States. Members of the conspiracy, assisted and enabled by JSSD-recruited insiders Gu Gen and Tian Xi, hacked the French aerospace manufacturer.  The hackers also conducted\r\nintrusions into other companies that manufactured parts for the turbofan jet engine, including aerospace\r\ncompanies based in Arizona, Massachusetts and Oregon.  At the time of the intrusions, a Chinese state-owned\r\naerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in\r\nChina and elsewhere. \r\nDefendant Zhang Zhang-Gui is also charged, along with Chinese national Li Xiao, in a separate hacking\r\nconspiracy, which asserts that Zhang Zhang-Gui and Li Xiao leveraged the JSSD-directed conspiracy’s intrusions,\r\nincluding the hack of a San Diego-based technology company, for their own criminal ends.\r\n“For the third time since only September, the National Security Division, with its US Attorney partners, has\r\nbrought charges against Chinese intelligence officers from the JSSD and those working at their direction and\r\ncontrol for stealing American intellectual property,” said John C. Demers, Assistant Attorney General for National\r\nSecurity.  “This is just the beginning.  Together with our federal partners, we will redouble our efforts to safeguard\r\nAmerica’s ingenuity and investment.” \r\n “State-sponsored hacking is a direct threat to our national security.  This action is yet another example of criminal\r\nefforts by the MSS to facilitate the theft of private data for China’s commercial gain,” said U.S. Attorney Adam\r\nhttps://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal\r\nPage 1 of 3\n\nBraverman.  “The concerted effort to steal, rather than simply purchase, commercially available products should\r\noffend every company that invests talent, energy, and shareholder money into the development of products.”\r\n “The threat posed by Chinese government-sponsored hacking activity is real and relentless,” said John Brown,\r\nFBI Special Agent in Charge of the San Diego Field Office. “Today, the Federal Bureau of Investigation, with the\r\nassistance of our private sector, international and U.S. government partners, is sending a strong message to the\r\nChinese government and other foreign governments involved in hacking activities.  We are working together to\r\nvigorously investigate and hold hackers accountable regardless of their attempts to hide their illicit activities and\r\nidentities.”\r\nOn October 10, the Department of Justice announced that a JSSD intelligence officer was extradited to the\r\nSouthern District of Ohio, on charges that he attempted to steal trade secrets related to jet aircraft engines, and in\r\nSeptember, in the Northern District of Illinois, a U.S. Army recruit was charged with working as an agent of a\r\nJSSD intelligence officer, without notification to the Attorney General. \r\nAs the indictment in the Southern District of California describes in detail, China’s JSSD intelligence officers and\r\nhackers working at their direction masterminded a series of intrusions in order to facilitate intrusions and steal\r\nnon-public commercial and other data.  The hackers used a range of techniques, including spear phishing, sowing\r\nmultiple different strains of malware into company computer systems, using the victim companies’ own websites\r\nas “watering holes” to compromise website visitors’ computers, and domain hijacking through the compromise of\r\ndomain registrars.  \r\nThe first alleged hack began no later January 8, 2010, when members of the conspiracy infiltrated Capstone\r\nTurbine, a Los-Angeles-based gas turbine manufacturer, in order to steal data and use the Capstone Turbine\r\nwebsite as a “watering hole.”   \r\nChina’s intelligence service also sought, repeatedly, to hack into a San Diego-based technology company from at\r\nleast August 7, 2012 through January 15, 2014, in order to similarly steal commercial information and use its\r\nwebsite as a “watering hole.”\r\nChinese actors used not only hacking methods to conduct computer intrusions and steal commercial information,\r\nthey also coopted victim company employees.  From at least November 2013 through February 2014, two Chinese\r\nnationals working at the direction of the JSSD, Tian Xi and Gu Gen, were employed in the French aerospace\r\ncompany’s Suzhou office.  On January 25, 2014, after receiving malware from an identified JSSD officer acting as\r\nhis handler, Tian infected one of the French company’s computers with malware at the JSSD officer’s direction.\r\nOne month later, on February 26, 2014, Gu, the French company’s head of Information Technology and Security\r\nin Suzhou, warned the conspirators when foreign law enforcement notified the company of the existence of\r\nmalware on company systems. That same day, leveraging that tip-off, conspirators Chai Meng and Liu Chunliang\r\ntried to minimize JSSD’s exposure by causing the deletion of the domain linking the malware to an account\r\ncontrolled by members of the conspiracy.\r\nThe group’s hacking attempts continued through at least May of 2015, when an Oregon-based company, which,\r\nlike many of the other targeted companies, built parts for the turbofan jet engine used in commercial airliners,\r\nidentified and removed the conspiracy’s malware from its computer systems.\r\nhttps://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal\r\nPage 2 of 3\n\nCount Two of the indictment charges a separate conspiracy to hack computers in which Zhang Zhang-Gui, a\r\ndefendant charged in Count One, supplied his co-defendant and friend, Li Xiao, with variants of the malware that\r\nhad been developed and deployed by hackers working at the direction of the JSSD on the hack into Capstone\r\nTurbine. Using malware supplied by Zhang, as well as other malware, Li launched repeated intrusions that\r\ntargeted a San Diego-based computer technology company for more than a year and a half.  These intrusions\r\ncaused thousands of dollars of damage to protected computers.\r\nCount Three of the indictment charges Zhang Zhang-Gui with the substantive offense of computer hacking a San\r\nDiego technology company, which was one of the targets of the conspiracies alleged in Counts One and Two.\r\nThe charges contained in the indictment are merely accusations, and the defendants are presumed innocent unless\r\nand until proven guilty. \r\nThe FBI, led by the San Diego Field Office, conducted the investigation that resulted in charges announced today. \r\nThis case is being prosecuted by Alexandra Foster and Sabrina Fève of the United States Attorney’s Office for the\r\nSouthern District of California and Jason McCullough of the National Security Division’s Counterintelligence and\r\nExport Control Section.  The Criminal Division’s Office of International Affairs also provided assistance in this\r\nmatter, and the Department appreciates the cooperation and assistance provided by France’s General Directorate\r\nfor Internal Security (DGSI) and the Cybercrime Section of the Paris Prosecutor’s Office during the investigation\r\nof this matter.\r\nCase Number: 13CR3132-H\r\nSource: https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal\r\nhttps://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal"
	],
	"report_names": [
		"chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal"
	],
	"threat_actors": [],
	"ts_created_at": 1775446561,
	"ts_updated_at": 1775826788,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6ce9036461e7177bfa2d4304bfdd8d63128711dd.pdf",
		"text": "https://archive.orkl.eu/6ce9036461e7177bfa2d4304bfdd8d63128711dd.txt",
		"img": "https://archive.orkl.eu/6ce9036461e7177bfa2d4304bfdd8d63128711dd.jpg"
	}
}